OpenAI expands Trusted Access for Cyber with GPT-5.4-Cyber for vetted defenders
4 min. read 
Published on
OpenAI has expanded its Trusted Access for Cyber program and introduced GPT-5.4-Cyber, a more cyber-permissive variant of GPT-5.4 built for vetted defenders. The model is designed for advanced defensive workflows, including binary reverse engineering, malware analysis, and vulnerability research in controlled environments.
This does not mean OpenAI launched GPT-5.4 itself this week. OpenAI introduced GPT-5.4 on March 5, 2026, while the cyber-focused expansion and GPT-5.4-Cyber announcement arrived on April 14 as part of a broader security push.
Access content across the globe at the highest speed rate.
70% of our readers choose Private Internet Access
70% of our readers choose ExpressVPN
Browse the web from multiple devices with industry-standard security protocols.
Faster dedicated servers for specific actions (currently at summer discounts)
The key change is access. OpenAI says customers in the highest Trusted Access for Cyber tiers can use GPT-5.4-Cyber with fewer capability restrictions, while standard safeguards still apply more broadly across its public models and products.
What GPT-5.4-Cyber adds
According to OpenAI, GPT-5.4-Cyber lowers the refusal boundary for legitimate cybersecurity work. The company says that lets qualified defenders inspect compiled software without source code and assess it for malware behavior, weaknesses, and overall security robustness.
That makes binary reverse engineering the most notable new capability OpenAI has publicly highlighted. In practice, this gives security teams a model that can help analyze machine-code-level behavior in binaries, which often matters when source code is unavailable or when analysts need to examine suspicious software quickly.
OpenAI also says GPT-5.4 remains classified as a High cyber capability model under its Preparedness Framework. Because of that, the company says it deploys the model with added protections, while the more permissive cyber variant remains limited to vetted security vendors, researchers, and organizations.
Trusted Access for Cyber is getting much bigger
OpenAI says it is scaling Trusted Access for Cyber to thousands of verified individual defenders and hundreds of teams that protect critical software. That marks a major expansion from the more limited program it introduced in February.
For individual users, OpenAI says identity verification happens through chatgpt.com/cyber. Enterprise customers can request team access through their OpenAI representative, and higher levels of authentication unlock more capable access tiers.
OpenAI also says permissive cyber-capable models may face extra limits in lower-visibility environments, especially Zero-Data Retention setups and some third-party platform use cases where the company has less visibility into intent and context.
How Codex Security fits into the plan
The launch also ties into Codex Security, OpenAI’s security agent for connected GitHub repositories. OpenAI says the product helps teams find, validate, and patch likely vulnerabilities using project-specific context rather than acting like a simple noisy scanner.
In its April 14 cyber defense post, OpenAI said Codex Security has contributed to more than 3,000 fixed critical and high vulnerabilities across the ecosystem since its recent launch, along with many more lower-severity fixes. In the March 6 research preview post, the company separately said the system scanned more than 1.2 million commits in its beta cohort over 30 days and identified 792 critical findings plus 10,561 high-severity findings.
OpenAI has also provided GPT-5.4-Cyber access to the U.S. Center for AI Standards and Innovation and the UK AI Security Institute for evaluations focused on cyber capabilities and safeguards. That shows the company wants outside testing as it widens access.
Key details at a glance
| Item | What OpenAI says |
|---|---|
| New cyber model | GPT-5.4-Cyber |
| Announced | April 14, 2026 |
| Base model launch | GPT-5.4 launched March 5, 2026 |
| Main use cases | Binary reverse engineering, malware analysis, vulnerability research |
| Access model | Highest Trusted Access for Cyber tiers |
| Verification path | Individuals via chatgpt.com/cyber, enterprises through OpenAI representatives |
| Safety status | GPT-5.4 treated as High cyber capability |
| Broader security product tie-in | Codex Security for codebase scanning, validation, and patch proposals |
What matters for security teams
- GPT-5.4-Cyber is not a general public release for anyone doing cyber work.
- OpenAI is reserving the most permissive access for vetted defenders.
- Binary reverse engineering stands out as the biggest newly advertised capability.
- Trusted Access for Cyber now scales beyond a small pilot.
- Codex Security remains a major part of OpenAI’s broader cyber defense strategy.
FAQ
No. OpenAI launched GPT-5.4 on March 5, 2026. The newer April 14 announcement covers GPT-5.4-Cyber and the expansion of Trusted Access for Cyber.
It is a more cyber-permissive version of GPT-5.4 built for vetted defenders. OpenAI says it lowers the refusal boundary for legitimate cybersecurity work and supports advanced defensive workflows.
Yes. OpenAI explicitly says GPT-5.4-Cyber adds binary reverse engineering capabilities so security professionals can analyze compiled software without source code.
OpenAI says individual users can verify through chatgpt.com/cyber, while enterprises can request access through their OpenAI representative. The most permissive capabilities sit in higher verified tiers.
Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more
Improve this guide
User forum
0 messages